Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
EASM mistakes waiting to happen
Search
JR0ch17
January 25, 2022
Technology
0
32
EASM mistakes waiting to happen
JR0ch17
January 25, 2022
Tweet
Share
More Decks by JR0ch17
See All by JR0ch17
Traversing my way in the internal network
jr0ch17
0
130
Getting Started in Bug Bounty
jr0ch17
0
77
Getting Blindly Lucky
jr0ch17
0
59
Qu'est-ce que le bug bounty?
jr0ch17
0
85
Finding 5 bugs in a single parameter
jr0ch17
0
57
Beyond the Borders of Scope
jr0ch17
0
41
Bad API, hAPI Hackers!
jr0ch17
0
1.5k
Other Decks in Technology
See All in Technology
なぜ今 AI Agent なのか _近藤憲児
kenjikondobai
4
1.4k
The Role of Developer Relations in AI Product Success.
giftojabu1
0
130
オープンソースAIとは何か? --「オープンソースAIの定義 v1.0」詳細解説
shujisado
9
1.1k
SSMRunbook作成の勘所_20241120
koichiotomo
3
160
複雑なState管理からの脱却
sansantech
PRO
1
150
Python(PYNQ)がテーマのAMD主催のFPGAコンテストに参加してきた
iotengineer22
0
500
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
3.9k
インフラとバックエンドとフロントエンドをくまなく調べて遅いアプリを早くした件
tubone24
1
430
Introduction to Works of ML Engineer in LY Corporation
lycorp_recruit_jp
0
140
ISUCONに強くなるかもしれない日々の過ごしかた/Findy ISUCON 2024-11-14
fujiwara3
8
870
アジャイルチームがらしさを発揮するための目標づくり / Making the goal and enabling the team
kakehashi
3
140
Application Development WG Intro at AppDeveloperCon
salaboy
0
190
Featured
See All Featured
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
126
18k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
16
2.1k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Adopting Sorbet at Scale
ufuk
73
9.1k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
31
2.7k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.2k
Designing for Performance
lara
604
68k
Product Roadmaps are Hard
iamctodd
PRO
49
11k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
How to Think Like a Performance Engineer
csswizardry
20
1.1k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
Transcript
EASM mistakes waiting to happen
GET /whoami HTTP/2 Jasmin Landry JR0ch17 Lead, IT & Security
at Montreal Canadiens fan
GET /agenda HTTP/2 EASM Common mistakes Hacker perspective
GET /EASM HTTP/2 What exactly is EASM? What does it
cover? Why is it important?
GET /common_mistakes HTTP/2 Lack of Change Management Not respecting Least
Privilege Misconfigured WAFs Cloud misconfigs (S3 buckets)
GET /hacker_perspective HTTP/2 • Subdomains • IPs • TLS certificates
• Third-party apps Recon EVERYTHING • Monitor for new assets • Monitor any change Continuous Monitoring
GET /thanks HTTP/2 Thank you for listening Questions? More questions?
DMs are open on and